On HP-UX, userspace utilities such as top or ps report that ZWS is running as root even though it has been configured to run as different user.
It would appear from this output that ZWS is running as root. Clearly, this has significant security implications. However, the child processes (17612 & 17613) are actually running as a user with a UID of 1596, rather than one of 0 which we would equate with root
HP-UX is, correctly, reporting the real GID/UID zeus.web is running as. However, we rely on downgrading ZWS' child process(es) upon start-up to those of an effective permission referred to above, HP-UX's ps utility is outputting the real permissions, which unfortunately serves to confuse the security conscious systems administrator.
The important question is we need to ask is, 'How can I prove that my child process'(remember, the parent zeus.web process will always run as root) are running as the GID/UID specified in $ZEUSHOME/web/global.cfg?"
Let's turn to C to help us...
Here's the source code:
Now we have a pstat binary. We can use this program to satisfy ourselves that ZWS is running with the correct permissions:
This is the parent process running as root
These are the zeus.web child processes running with an EGID of 1596.
: Original Author L. Spells 17/3/98.
Content Manager [Administrator] 05 June 2006
Comments are closed for this post.